A disaster recovery plan is your insurance against serious cyber attacks, hardware failure, power outages, and human error. A range of policies, tools, and technologies make up an effective plan. The end goal is always the same: get your business operating as normal in as short a time as possible.
1. Ransomware now appears in 88% of breaches at small and medium-sized businesses
SMBs experienced ransomware in 88% of breach cases in 2025, compared with 39% at large enterprises. Attackers specifically target smaller businesses because they typically lack the layered defences and recovery readiness of larger organisations. (Source: Verizon 2025 Data Breach Investigations Report)
2. Ransomware is involved in 44% of all confirmed breaches
This is a sharp rise from 32% the year before, and ransomware has now overtaken stolen credentials as the most common action in breaches. (Source: Verizon 2025 DBIR)
3. Security incidents are now the leading cause of SMB downtime
84% of firms cite security incidents as their number one cause of downtime, ahead of human error, inadequate hardware, and outdated software. (Source: ITIC 2024 Hourly Cost of Downtime Report)
4. AI-generated phishing emails have doubled
Attackers are increasingly using generative AI to write more convincing phishing emails, removing many of the spelling and grammar errors that used to make them easier to spot. (Source: Verizon 2025 DBIR)
5. Human error caused a major outage at nearly 40% of organisations
Of those incidents, 85% were caused by failing to follow procedures or by flaws in the processes themselves, often linked to understaffing or insufficient training. (Source: Uptime Institute 2025 Annual Outage Analysis Report)
6. 1 in 5 SMBs could not survive a breach costing as little as $10,000
The financial impact of a serious incident is often underestimated. A significant proportion of small businesses report they would not be able to recover from a comparatively modest breach. (Source: VikingCloud 2025 SMB Threat Landscape Report)
7. Median ransomware payments fell, but refusal to pay rose to 64%
More businesses are refusing to pay ransoms than ever before, up from 50% just two years ago. This is only a safe position to take if a proper backup and recovery plan is already in place. Without one, refusing to pay simply means the data stays lost. (Source: Verizon 2025 DBIR)
8. Only a third of organisations follow recommended backup best practices
Backup frequency and testing discipline vary significantly between businesses, and a substantial proportion fall short of recommended practice, often because backup processes were set up once and never revisited as the business grew. (Source: Acronis Cyber Protection Week Global Report)
9. Unplanned downtime now regularly costs over $100,000 per incident
Even outside large enterprises, the financial impact of unplanned downtime — lost revenue, lost productivity, and recovery costs — adds up quickly. For a typical SME, even a single day of significant disruption represents a meaningful financial hit. (Source: Uptime Institute, 2025)
10. Outage frequency is rising, not falling
More businesses are reporting network outages now than in previous years, with over half experiencing a notable increase over the past two years. The trend is moving in the wrong direction, which makes having a tested recovery plan more important, not less. (Source: Industry outage tracking studies, 2025)
Preventative measures are essential to protect your business data. Proper backup is a vital part of this, but as the statistics above show, a backup alone is not a complete plan. Read more about how backup and disaster recovery work together on our Backup and Disaster Recovery page, or see our specific Server Backups and Microsoft 365 Disaster Recovery pages for how we protect on-premise and cloud systems.
One monthly fee. One number to call. The day-to-day risk of your business not being able to recover from a serious incident becomes our job, not yours.
